The Compliance and Auditing Policy defines the approach to be taken to ensure the Company is compliant with legal, statutory, regulatory and contractual obligations related to information security, and with any security requirements, standards and internal policies, guidelines and processes mandated by the Company.
The scope and statements within this policy shall also apply to all personal data processed by the Company. “Processing” in this context means any operation concerning personal data throughout the information lifecycle; this includes but is not limited to personal data collected, stored, viewed, transferred, analyzed or communicated in hard copy, oral or electronic form.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. IDENTIFICATION AND COMPLIANCE WITH LEGAL AND REGULATORY REQUIREMENTS
3.1 COMPLIANCE WITH LEGAL, REGULATORY AND CONTRACTUAL INFORMATION SECURITY AND DATA PRIVACY REQUIREMENTS
3.2 INTELLECTUAL PROPERTY RIGHTS
3.3 PROTECTION OF RECORDS
3.4 PRIVACY AND PROTECTION OF PERSONAL DATA
3.5 PREVENTION OF MISUSE OF INFORMATION PROCESSING FACILITIES
3.6 REGULATION OF CRYPTOGRAPHIC CONTROLS
4. INFORMATION SECURITY OPERATIONAL RISK MANAGEMENT
5. INFORMATION SECURITY REVIEWS
5.1 MANAGEMENT REVIEW OF THE INFORMATION SECURITY MANAGEMENT SYSTEM
5.2 INDEPENDENT REVIEW OF INFORMATION SECURITY
5.3 COMPLIANCE WITH SECURITY POLICIES AND STANDARDS
5.4 TECHNICAL COMPLIANCE REVIEW
6. INFORMATION SYSTEMS AUDIT CONSIDERATIONS
6.1 INFORMATION SYSTEMS AUDIT CONTROLS
6.2 PROTECTION OF INFORMATION SYSTEMS AUDIT TOOLS
8. FINAL CONSIDERATIONS
8.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
8.2 DOCUMENT REVISION